Summary
This host is running Symantec Web Gateway and is prone to directory traversal vulnerability.
Impact
Successful exploitation could allow attackers to read arbitrary files via directory traversal attacks and gain sensitive information.
Impact Level: Application
Solution
Upgrade to Symantec Web Gateway version 5.0.3 or later For updates refer to http://www.symantec.com/business/web-gateway
Insight
The flaw is due to an improper validation of user-supplied input passed via the 'relfile' parameter to the '/spywall/releasenotes.php', which allows attackers to read arbitrary files via a ../(dot dot) sequences.
Affected
Symantec Web Gateway versions 5.0.x before 5.0.3
References
- http://osvdb.org/82024
- http://secunia.com/advisories/49216
- http://www.securityfocus.com/bid/53442
- http://www.symantec.com/business/web-gateway
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-0298 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P
Related Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities